Armory
Process Monitor
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user ...
ShareEnum
An aspect of Windows NT/2000/XP network security that's often overlooked is file shares. A common security flaw occurs when users define file shares with lax security, allowing unauthorized users to see sensitive files. There are no built-in tools to list shares viewable on a network and their security settings, but ...
Streams
The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file's main unnamed data stream, but by using the syntax 'file:stream', you are able to read and write to alternates. Not all applications are written to access ...
Disk Usage
Du (disk usage) reports the disk space usage for the directory you specify. By default it recurses directories to show the total size of a directory and its subdirectories.
AD Explorer
Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that ...
AutoRuns
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and ...
TCPView
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, NT, 2000 and XP TCPView also reports the name of the process that owns ...
LogonSessions
If you think that when you logon to a system there's only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session. LogonSessions works on Windows 2000 and higher.
Ophcrack
Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux. Cracks LM ...
SID&User
SID&User is a freeware tool for extracting SIDs and account names from Windows NT/2000/XP/2003.
AirSnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. 802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in " ...
Bluebugger
bluebugger is an implementation of the bluebug technique which was discovered by Martin Herfurt.
Wyd
In current IT security environments, files and services are often password protected. In certain situations it is required to get access to files and/or data even when they are protected and the password is unknown. wyd.pl was born of those two of situations: * A penetration test should be performed ...
SIPcrack
SIPcrack is a toolsuite for sniffing and bruteforcing the digest authenticiation password that is sent by SIP clients registering at a SIP server. SIPcrack contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input.
Hotspotter
Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow ...
Wellenreiter
Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is one of the easiest to use linux wireless scanning tools available. No card configuration has to be done anymore. The whole look and feel is pretty self-explainatory. It can discover networks ...
p0f
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on machines that connect to your box (SYN mode), machines you connect to (SYN+ACK mode), machine you cannot connect to (RST+ mode), and machines whose communications you can observe. P0f can also do many other ...
cdpr
cdpr is used to decode a Cisco Disovery Protocol (CDP) packet, by default it will report the device ID, the IP Address (of the device), and the port number that the machine is connected to. Optionally it will decode the entire CDP packet.
WebScarab
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, ...
ntop
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well. ntop users ...
NBTScan
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address.
OpenSSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library managed by a worldwide community of volunteers that use the ...
Xprobe2
Written and maintained by Fyodor Yarochkin, Meder Kydyraliev and Ofir Arkin, Xprobe (I & II) is an active OS fingerprinting tools based on Ofir Arkins ICMP Usage In Scanning Research project.Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote ...
fgdump
A successor to pwdump, fgdump can be used to dump user info from local and remote Windows boxes, given administrator privileges.
lsof
lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It can also list communications open by each process.
RainbowCrack
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea ...
KisMAC
KisMAC is an opensource and free stumbler/scanner application for Mac OS X. It has an advantage over MacStumbler, iStumbler, and NetStumbler in that it uses monitor mode and passive scanning. KisMAC supports several third party PCMCIA cards - Orinoco, PrismII, Cisco Aironet, Atheros and PrismGT. USB Prism2 is supported as ...
ike-scan
ike-scan is a command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers.
arpwatch
arpwatch is an open-source software that monitors a computer network for ARP-activity. It generates a log of IP address-MAC address pairings along with a timestamp when the pairing appeared on the network. The first and foremost reason to monitor ARP activity is to detect ARP spoofing. It is developed by ...